Exercise #3: Online Store Session Hijacking

Description

Perform an ethical hacking exercise: add an undesired product item to a victim's shopping cart.
    1. Set Firefox (hacker's browser) proxy setting to
      manual proxy
      HTTP Proxy: localhost
      Port: 8080 
    2. Set Burp proxy setting to
      Port: 8080
      Intercept On
    3. In Chrome or IE (victim's browser)
      • Visit the victim online store
      • Add one product to the cart
      • View cookies (right-click the page -> Inspect Elements -> Resources -> Cookies)
      • Copy the cookie values of ASP.NET_SessionId and the cart ID
    4. In Firefox
      • Visit the victim online store
      • Add one product item to the cart
      • Intercept the request, replace the cookie values of ASP.NET_SessionId and the cart ID, then forward it
    5. In Chrome or IE
      • View cart
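
From the store operator's side, the exercise above leaves a recognisable trace: one ASP.NET_SessionId presented by two different browsers. The following is an added example, not part of the original exercise, that flags such sessions in a request log. The log format, the cookie name `CartId` and all sample values are constructed assumptions; because both lab browsers run on the same machine, the User-Agent rather than the IP address is what separates them here.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the exercise). Assumed fields:
# timestamp ip method path "user-agent" "cookie header"
SAMPLE_LOG = '''\
2024-05-01T10:00:01Z 127.0.0.1 GET /store "Mozilla/5.0 Chrome/124.0" "ASP.NET_SessionId=sessA111; CartId=1001"
2024-05-01T10:00:09Z 127.0.0.1 POST /cart/add "Mozilla/5.0 Chrome/124.0" "ASP.NET_SessionId=sessA111; CartId=1001"
2024-05-01T10:01:30Z 127.0.0.1 GET /store "Mozilla/5.0 Firefox/125.0" "ASP.NET_SessionId=sessB222; CartId=2002"
2024-05-01T10:02:12Z 127.0.0.1 POST /cart/add "Mozilla/5.0 Firefox/125.0" "ASP.NET_SessionId=sessA111; CartId=1001"
2024-05-01T10:03:00Z 127.0.0.1 GET /cart "Mozilla/5.0 Chrome/124.0" "ASP.NET_SessionId=sessA111; CartId=1001"
'''

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)" "([^"]*)"$')


def parse_cookies(header):
    """Split a Cookie request header into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def find_shared_sessions(log_text, cookie_name="ASP.NET_SessionId"):
    """Return {cookie value: sorted [(ip, user_agent), ...]} for every value
    of cookie_name that was presented by more than one client fingerprint."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        _ts, ip, _method, _path, agent, cookie_header = match.groups()
        value = parse_cookies(cookie_header).get(cookie_name)
        if value:
            seen[value].add((ip, agent))
    return {v: sorted(fps) for v, fps in seen.items() if len(fps) > 1}


if __name__ == "__main__":
    for sid, clients in find_shared_sessions(SAMPLE_LOG).items():
        print(sid, "presented by", clients)
```

A User-Agent change within one session can also be benign, such as a browser update, so a hit is a lead to investigate rather than proof of hijacking.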